noise/: Clarify properties of handshake's second message (#356)

Co-authored-by: Max Inden <mail@max-inden.de>
2026-01-08 23:08:09 -05:00 · 2021-08-06 13:32:57 +07:00
parent 1544b68658
commit d8130f46c1
1 changed files with 4 additions and 1 deletions
--- a/noise/README.md
+++ b/noise/README.md
@@ -218,7 +218,10 @@ These payloads MUST be inserted into the first message of the handshake pattern
 **that guarantees secrecy**. In practice, this means that the initiator must not
 send a payload in their first message. Instead, the initiator will send its
 payload in message 3 (closing message), whereas the responder will send theirs
-in message 2 (their only message).
+in message 2 (their only message). It should be stressed, that the second
+message of the handshake pattern has forward secrecy, however the sender has not
+authenticated the responder, so this payload might be sent to any party,
+including an active attacker.

 When decrypted, the payload contains a serialized [protobuf][protobuf]
 `NoiseHandshakePayload` message with the following schema: